Mercurial > repos > other > Puppet
annotate modules/my_fw/manifests/pre.pp @ 403:a0c1b33a243f
Add missed new Firewall module files
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Wed, 20 Apr 2022 19:30:33 +0100 |
| parents | 11d940c9014e |
| children | 2c3e745be8d2 |
| rev | line source |
|---|---|
|
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 class my_fw::pre { |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 Firewall { |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 require => undef, |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 } |
| 279 | 5 |
| 6 $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' } | |
| 7 $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' } | |
| 8 | |
|
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 # Default firewall rules |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 firewall { '000 accept all icmp': |
| 279 | 11 proto => $icmp_proto, |
|
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 action => 'accept', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 } -> |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 firewall { '001 accept all to lo interface': |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 proto => 'all', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 iniface => 'lo', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 action => 'accept', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 } -> |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 firewall { "002 reject local traffic not on loopback interface": |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 iniface => '! lo', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 proto => 'all', |
| 279 | 22 destination => $localhost, |
|
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 action => 'reject', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 } -> |
|
348
11d940c9014e
Update Firewall module to try and fix quoting string issue
IBBoard <dev@ibboard.co.uk>
parents:
279
diff
changeset
|
25 firewall { '005 accept related established rules': |
|
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 proto => 'all', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 state => ['RELATED', 'ESTABLISHED'], |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 action => 'accept', |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 } |
|
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 } |